37 matches found
RaspAP raspap-webgui contains an OS Command Injection vulnerability
RaspAP raspap-webgui versions prior to 3.3.6 contain an OS Command Injection vulnerability. If exploited, an arbitrary OS command may be executed by a user who can log in to the product...
OS command injection in raspap-webgui
Overview RaspAP raspap-webgui contains the following vulnerability. OS command injection CWE-78 - CVE-2026-24788 Taihei Kusayanagi of NTT Security Japan KK reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...
CVE-2026-24788
RaspAP raspap-webgui versions prior to 3.3.6 contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed by a user who can log in to the product...
CVE-2026-24788
RaspAP raspap-webgui versions prior to 3.3.6 contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed by a user who can log in to the product...
CVE-2026-24788
RaspAP raspap-webgui versions prior to 3.3.6 contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed by a user who can log in to the product...
CVE-2026-24788
CVE-2026-24788 concerns RaspAP raspap-webgui prior to version 3.3.6, which is affected by an OS command injection vulnerability. Multiple connected sources (Red Hat's advisory RH:CVE-2026-24788, NVD/NVD-derived entries, GHSA entry, CIRCL sighting) corroborate that an authenticated user (login to ...
CVE-2026-24788
RaspAP raspap-webgui versions prior to 3.3.6 contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed by a user who can log in to the product...
raspap-webgui 操作系统命令注入漏洞
Raspap-webgui is an open-source wireless router configuration software developed by RaspAP. Versions of raspap-webgui prior to 3.3.6 contained a vulnerability related to operating system command injection. This vulnerability was due to the susceptibility to OS command injection attacks, which cou...
EUVD-2025-28371
Malicious code in bioql PyPI...
EUVD-2025-19331
Malicious code in bioql PyPI...
CVE-2025-50428
In RaspAP raspap-webgui 3.3.2 and earlier, a command injection vulnerability exists in the includes/hostapd.php script. The vulnerability is due to improper sanitizing of user input passed via the interface parameter...
raspap-webgui 安全漏洞
raspap-webgui is a wireless router setup software from RaspAP open source. A security vulnerability exists in raspap-webgui 3.3.2 and earlier versions, which stems from the hostapd.php script not clearing the interface parameter, which could lead to a command injection attack...
PT-2025-34904 · Unknown · Raspap Raspap-Webgui
Name of the Vulnerable Software and Affected Versions: RaspAP raspap-webgui versions prior to 3.3.3 Description: A command injection issue exists in the includes/hostapd.php script due to improper sanitization of user input passed via the interface parameter. Recommendations: Update RaspAP...
CVE-2025-50428
In RaspAP raspap-webgui 3.3.2 and earlier, a command injection vulnerability exists in the includes/hostapd.php script. The vulnerability is due to improper sanitizing of user input passed via the interface parameter...
Exploit for CVE-2025-50428
!CVEhttps://img.shields.io/badge/CVE-2025--50428-high?style=f...
Directory Traversal
billz/raspap-webgui is vulnerable to Directory Traversal. The vulnerability is due to improper input validation due to the entity parameter in ajax/networking/getwgkey.php allowing crafted POST requests that leverage the tee command to overwrite arbitrary files writable by the web server...
CVE-2024-36622
In RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnerability exists in the clearlog.php script. The vulnerability is due to improper sanitization of user input passed via the logfile parameter...
CVE-2024-36622
CVE-2024-36622 affects RaspAP raspap-webgui, version 3.0.9 and earlier. The issue is a command injection in the clearlog.php script caused by improper sanitization of the logfile parameter. The vulnerability details across connected sources consistently describe the same root cause and impact (po...
CVE-2024-36622
In RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnerability exists in the clearlog.php script. The vulnerability is due to improper sanitization of user input passed via the logfile parameter...
Arbitrary Code Injection
Overview billz/raspap-webgui is a Simple wireless AP setup and mangement for Debian-based devices. Affected versions of this package are vulnerable to Arbitrary Code Injection in the DisplayProviderConfig function, which is accessible via the $POST'country' in the HTTP POST request handler. A use...